Joost Bekkers wrote: > On Thu, March 5, 2009 12:30, Ivan Voras wrote: >> Hi, >> >> It appears that IPFW drops dynamic (state-keeping) rules for idle IPv6 >> TCP connections after a short (60 seconds by default) timeout. This of >> course creates problems for services like SSH and NFS. I've contacted >> Luigi Rizzo about it but he cannot help with the IPv6 part of the ipfw. >> His guess is that the part that should send keepalive ACK packets like >> ipfw does for IPv4 is broken or nonexistent for IPv6. >> >> Any takers? Should I file a PR? >> >> > > You might want to check if kern/117234 is relevant here. I've got a > feeling this is the problem you're seeing. > > The PR includes a patch, it just needs somebody to commit it.
I'm running a patched kernel now and it doesn't fix the issue - the dynamic rules continue to disappear after the timeout like before. Maybe the patch solves something else?
signature.asc
Description: OpenPGP digital signature
